I've intentionally avoided using Cloudflare's services when I can get away with it. I am afraid of what we are giving away to entities like this in the region of security. One gaping MITM vector.
Yes, I'm well aware that Cloudflare is a MITM, yet for my needs I've decided that this is not a problem.
I can see that you are not happy with what they provide. Luckily their service is not forced on you. You neither have to use it nor visit servers that use it.
It's worse. You can't just start MITM'ing regular encrypted internet traffic without compromised infrastructure. With Cloudflare everything is already in place.
Do you want a similar warning on every site that the server might be compromised? Because I don't think that risk is smaller than the CloudFlare MITM risk.
Or is the false sense of true security a bigger detriment?
That's a really tough call.
Cloudflare makes no security guarantees. They don't even commit to keeping your public key secure when you give it to them. That's a bad sign. One wonders how they fund their free MITM service.
If MITM on HTTPS traffic and spewing RAM contents into global caches weren't enough to convince you that Cloudflare doesn't care about security, I don't really know what to say.
I've commented on this before. Cloudflare is MITM-as-a-service. Think of it as a form of security theater. If you're going to use encryption, don't outsource your public key.
The fact no one else here has considered that all your private healthcare data is going through an MITM that can strip SSL before reaching the endpoint is rather terrifying. Even if we assume CloudFlare is trustworthy, they are US based, which means little to no GDPR.
The only accurate part is that Cloudflare is indeed a MitM no matter what SSL mode you have enabled. An intelligence agency that thoroughly compromises Cloudflare's interception points would be able to ignore SSL for a lot of large websites.
That's just a trade-off you have to decide is worth it or not before signing up.
With Cloudflare's default settings, a malicious entity can intercept any Cloudflare <-> Backend connections invisibly to the end user since the SSL certificates aren't validated. The end user can also be a victim of plain old HTTP MITM on Cloudflare's upstream networks, as happened in 2016: https://news.ycombinator.com/item?id=12091900
It's hard to take Cloudflare's commitment to security seriously when they still ship such terrible default settings.
It really isn't a no-brainer. Passing our users' data through CloudFlare would violate our contracts with a number of clients. I'm also dubious about the privacy implications - they're presumably getting something out of those terabytes of free traffic they're handling.